Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
UPDATE Four vulnerabilities in Microsoft Teams, unpatched since March, allowed link spoofing of URLs and opened the door to DoS attacks against Android users, researchers said. Researchers from Positive Security discovered four bugs in the feature earlier this year and told Microsoft about the...
Time to Ditch Big-Brother Accounts for Network Scanning
In almost every network, there is a highly privileged service account remotely connecting to all computers. These accounts are usually used by backup, security or monitoring solutions. But using such accounts to remotely log in to systems on the network introduces unnecessary risk — it’s a bad...
Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look
There’s an enormous amount of software vulnerable to the Log4j bug through Java software supply chains — and administrators and security pros likely don’t even know where to look for it. About 17,000 Java packages in the Maven Central repository, the most significant collection of Java packages...
Half-Billion Compromised Credentials Lurking on Open Cloud Server
According to the National Crime Agency’s National Cyber Crime Unit in the U.K., nearly 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime yahoo who happened to stop by. The credentials were a mixed bag in terms of...
Two Active Directory Bugs Lead to Easy Windows Domain Takeover
A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. In a Monday alert, Microsoft urged organizations to immediately patch the pair of bugs, tracked as CVE-2021-42287 and...
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges — with an ultimate goal of dropping malware onto organizations’ networks, the FBI ha...
Conti Ransomware Gang Has Full Log4Shell Attack Chain
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of...
Robocalls More Than Doubled in 2021, Cost Victims $30B
No surprise to anyone with a phone: Robocalls are rampant. In fact, the number of scam calls more than doubled over the past year, successfully bilking wireless phone customers out of $29.8 billion in 2021 alone. Wireless carrier T-Mobile just released its Scam and Robocall year-end report, and t...
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
No, you’re not seeing triple: On Friday, Apache released yet another patch – version 2.17 – for yet another flaw in the ubiquitous log4j logging library, this time for a DoS bug. Trouble comes in threes, and this is the third one for log4j. The latest bug isn’t a variant of the Log4Shell...
Facebook Bans Spy-for-Hire Firms for Targeting 50K People
Meta, Facebook’s parent company, has kicked six alleged spy-for-hire “cyber-mercenaries” to the curb, along with a mysterious Chinese law-enforcement supplier. It accused the entities of collectively targeting about 50,000 people for surveillance. In a report (PDF) entitled “Threat Report on the...
Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting
Friday’s release of Spider-Man: No Way Home is the first post-pandemic premiere to really have all the Hollywood blockbuster accessories: superheroes, Zendaya, a healthy dose of comic book nostalgia — even its own phishing scam. Researchers at Kaspersky warned that the release of Spider-Man: No W...
Malicious Joker App Scores Half-Million Downloads on Google Play
The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message. The app was downloaded more than 500,000 times before its removal from the store. Users should immediately delete Color Message from their devices to avoid being defrauded, researchers ...
Brand-New Log4Shell Attack Vector Threatens Local Hosts
Defenders will once again be busy beavers this weekend: There’s an alternative attack vector for the ubiquitous Log4j vulnerability, which relies on a basic Javascript WebSocket connection to trigger remote code-execution (RCE) on servers locally, via drive-by compromise. In other words, an exploit...
Convergence Ahoy: Get Ready for Cloud-Based Ransomware
The two types of cyberattacks that have dominated the news over the past year have been ransomware, and software and service supply-chain attacks. The former have mainly been perpetrated by criminal enterprises looking to turn a quick profit. In contrast, the latter attacks have primarily been th...
Conti Gang Suspected of Ransomware Attack on McMenamins
A family-run chain of hotels and restaurants this week has been grappling with the aftermath of a ransomware attack that occurred last weekend that may have exposed employees’ sensitive personal data, according to multiple reports. The incident – which some have attributed to the Conti gang –...
‘Tropic Trooper’ Reemerges to Target Transportation Outfits
They’ve been an active threat group since 2011, but a recent uptick in activity from Earth Centaur – previously known as Tropic Trooper – aimed specifically at transportation and government agencies is setting off alarm bells among experts. Trend Micro researchers have been tracking Tropic...
‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems
Researchers have tracked new spyware – dubbed “PseudoManuscrypt” because it’s similar to “Manuscrypt” malware from the Lazarus advanced persistent threat (APT) group – that’s attempted to scribble itself across more than 35,000 targeted computers in 195 countries. Kaspersky researchers said in a...
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware
A novel remote access trojan (RAT) being distributed via a Russian-language spear-phishing campaign is using unique manipulation of Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT – discovered by...
Relentless Log4j Attacks Include State Actors, Possible Worm
Call it a “logjam” of threats: Attackers including nation-state actors have already targeted half of all corporate global networks in security companies’ telemetry using at least 70 distinct malware families — and the fallout from the Log4j vulnerability is just beginning. Researchers manning...
Malicious Exchange Server Module Hoovers Up Outlook Credentials
Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access (OWA). Internet Information Services (IIS), Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are know...
SAP Kicks Log4Shell Vulnerability Out of 20 Apps
SAP has identified 32 apps that are affected by CVE-2021-44228 – the critical vulnerability in the Apache Log4j Java-based logging library that’s been under active attack since last week. As of yesterday, Patch Tuesday, the German software maker reported that it’s already patched 20 of those apps...
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
As if finding one easily exploited and extremely dangerous flaw in the ubiquitous Java logging library Apache Log4j hadn’t already turned the Internet security community on its ear, researchers now have found a new vulnerability in Apache’s patch issued to mitigate it. Last Thursday security...
2022: Supply-Chain Chronic Pain & SaaS Security Meltdowns
If 2021 was the Year of Supply-Chain Pain, 2022 will be the Year of Supply-Chain Chronic Pain or something worse than pain. This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our...
Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit
As if the Log4Shell hellscape wasn’t already driving everybody starkers, it’s time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges. To paraphrase one mobile security expert, the iOS 15.2...
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot and more in the form of fake applications. The patch came as part of the computing giant’s December Patch Tuesday update, which included a total of 67 fixes for security vulnerabilities. Th...
400 Banks’ Customers Targeted with Anubis Trojan
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the...
What the Log4Shell Bug Means for SMBs: Experts Weigh In
News of the Log4Shell vulnerability is everywhere, with security experts variously calling the Apache log4j logging library bug a recipe for an “internet meltdown,” as well as the “worst cybersecurity bug of the year.” Names like “Apple,” “Twitter” and “Cloudflare” are being bandied about as bein...
How to Buy Precious Patching Time as Log4j Exploits Fly
Sure, Apache got a patch out fast when the Log4j logging library vulnerability – aka Javageddon or “up there with Shellshock” – exploded last week. But emergency patches take days (best-case scenario) or weeks to install: plenty of time for attackers to do their worst. Which they lickety-split did,...
‘Seedworm’ Attackers Target Telcos in Asia, Middle East
Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers. The cyberespionage campaigns leverage a potent cocktail of spear phishing, known malware and legitimate network utilities that are leveraged ...
Kronos Ransomware Outage Drives Widespread Payroll Chaos
Kronos, the workforce management platform, has been hit with a ransomware attack that it says will leave its cloud-based services unavailable for several weeks – and it’s suggesting that customers seek other ways to get payroll and other HR tasks accomplished. The outage has left cataclysmic issu...
Where the Latest Log4Shell Attacks Are Coming From
Cybersecurity professionals across the world have been scrambling to shore up their systems against a critical remote code-execution (RCE) flaw (CVE-2021-44228) in the Apache Log4j tool, discovered just days ago. Now under active exploit, the “Log4Shell” bug allows complete server takeover. Researche...
Malicious PyPI Code Packages Rack Up Thousands of Downloads
Three malicious packages hosted in the Python Package Index (PyPI) code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into installations in various applications. Independent researcher Andrew Scott found the packages during a nearly...
Log4Shell Is Spawning Even Nastier Mutations
The internet has a fast-spreading, malignant cancer – otherwise known as the Apache Log4j logging library exploit – that’s been rapidly mutating and attracting swarms of attackers since it was publicly disclosed last week. Most of the attacks focus on cryptocurrency mining done on victims’ dimes,...
Next-Gen Maldocs & How to Solve the Human Vulnerability
Any cybersecurity attack — whether it be a breach, an incident or any form of compromise — starts with hackers getting in through the door. Threat actors and adversaries rely on gaining code execution on a target system which they can then leverage to do more damage—a phase commonly referred to a...
‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets
Riot Games, the developer behind League of Legends, has filed a California lawsuit against scammers, whose identities aren’t yet known, for ripping off job seekers with the promise of a gig with the company. Usually early in their careers and eager for a chance with a gaming company like Riot, jo...
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j could allow unauthenticated remote code execution (RCE) and complete server takeover — and it’s being exploited in the wild. The flaw first turned up on sites that cater to users of the world’s favorite game,...
Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites
An active attack against more than 1.6 million WordPress sites is underway, with researchers spotting tens of millions of attempts to exploit four different plugins and several Epsilon Framework themes. The goal, they said, is complete site takeover using administrative privileges. The scope of t...
‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware
There is a new financially motivated threat group on the rise and for a change, it doesn’t appear to be interested in deploying ransomware or taking out high-profile targets. Researchers from Accenture Security have been tracking a group that calls itself “Karakurt,” which means “black wolf” in...
Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say
Investigations that ran in parallel over nearly two years by Canadian and U.S. law enforcement have led to this week’s arrest of an Ottawa man, who is alleged to have an extensive track record of ransomware attacks on companies, governments and individuals. The highly-publicized arrest is a messa...
Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity
The festive season is moving into full swing, and so is holiday shopping – including special product launches and sales. But just as we collectively look forward to leisurely browsing for deals from the couch, perhaps with a mug of hot cocoa, “grinchbots” have emerged to burn it all down. Accordi...
How MikroTik Routers Became a Cybercriminal Target
The routers leveraged by the Mēris botnet in a massive distributed denial-of-service (DDoS) attack against Russia’s internet giant Yandex have also been the unwitting platform for numerous cyberattacks, researchers have found. This is due to a persistent vulnerable state that’s difficult for...
Malicious npm Code Packages Built for Hijacking Discord Servers
A series of malicious packages in the Node.js package manager npm code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users’ accounts and servers. The npm repository is an open-source home for JavaScript developers to share and reuse code blocks. The...
Moobot Botnet Chews Up Hikvision Surveillance Systems
Although a patch was released in September, any still-vulnerable Hikvision IP Network Video Recorder (NVR) products are being actively targeted by the Mirai-based botnet known as Moobot. FortiGuard Labs has released a report detailing how the Moobot botnet is leveraging a known remote code executio...
Not with a Bang but a Whisper: The Shift to Stealthy C2
As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar infosec...
Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
Critical security vulnerabilities in SonicWall’s Secure Mobile Access (SMA) 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root. The SMA 100 line was created to provide end-to-end secure remote access to corporate resources, be they hosted on-prem, cloud or...
AWS, Other Cloud Services Affected by Flaws in Eltima SDK
Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, amo...
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The rapid spread of Emotet via TrickBot and its behavior since the malware resurfaced last month could signal that a spate of ransomware attacks are on the way, spurring researchers to warn organizations to buckle up and get ready. In mid-November, a team of researchers from Cryptolaemus, G DATA...
Windows 10 Drive-By RCE Triggered by Default URI Handler
Researchers have discovered a drive-by remote code-execution (RCE) bug in Windows 10 via Internet Explorer 11/Edge Legacy – the EdgeHTML-based browser that’s currently the default browser on Windows 10 PCs – and Microsoft Teams. According to a report posted Tuesday by Positive Security, the...
When Scammers Get Scammed, They Take It to Cybercrime Court
Blocked from legitimate courts, cybercriminals have set up their own system for settling disputes, handing over ultimate decision-making to senior underground forum administrators who have awarded claims totaling as much as $20 million. A new report from Analyst1 details activities inside these...